CVE-2020-27697

CWE-59CWE-4263 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 84.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Trendmicro Antivirus\+ Security 2020Trendmicro Internet Security 2020Trendmicro Maximum Security 2020+2 more
Timeline
PublishedNov 18
Latest updateMay 24

Description

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

🔴Vulnerability Details

2
GHSA
GHSA-9hh8-9m39-758p: Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-pro2022-05-24
CVEList
CVE-2020-27697: Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-pro2020-11-18
CVE-2020-27697 (HIGH CVSS 7.8) | Trend Micro Security 2020 (Consumer | cvebase.io